An estimated $800 billion to $2 trillion (2-5% of global GDP) is laundered globally every year, according to the United Nations. Financial institutions are on their back heels when it comes to fighting financial crime and the issue is only getting worse. In an ideal scenario, financial institutions could pool together the plethora of data they have at their disposal to join the dots and identify financial crime, cooperatively tackling this issue. But the prospect of sharing data and putting their customer’s privacy at risk comes with its own risks, issues and possible consequences.
As the looming issue of financial crime hangs over the head of financial intuitions, leaders are realizing that collaborating on this issue is key. Enabling institutions to pool their data together and collaborate to uncover potential financial crime is powerful, but with the sensitivity of data, financial institutions need to ensure that the services they’re using for collaboration provide the correct controls and security policy capabilities to always protect and control access to that data.
Privacy-enhancing technologies (PET) and data clean rooms have come forward as solutions for collaboratively analyzing sensitive data without compromising its privacy, but not all PETs and data clean rooms are made the same. It’s important to understand your firm’s situation and what’s needed from a technical perspective before considering leveraging these powerful technologies. Before making that decision, here are three questions every financial institution should ask before sharing their data set for multiparty collaboration.
1. Does the technology allow for a direct relationship between the clean room provider and the data owner?
Traditional methods for collaboratively analyzing sensitive data come with risks. Trusting a third party with sensitive data puts too much responsibility in their hands. Commercial agreements can provide some assurance but can never fully guarantee complete protection because human error is a reality and malicious actors do exist. According to a recent study conducted by KPMG, 73% of organizations have experienced at least one significant disruption from a third-party cyber incident within the last three years.
When considering sharing data sets with a third party, such as a data clean room provider, firms must first understand how comprehensive their data policies are and if those policies allow for a direct relationship between the third-party and data owners, both internally and externally. To ensure complete security — and beat the increasing percentage of cyber disruption — the financial institution/data owner needs that direct relationship with the provider. If a direct relationship is not there, financial institutions must put blind trust in the third party, and they risk losing control of their data altogether. The desired relationship gives internal and external data owners the ability to validate the integrity of the environment and conduct regular audits to ensure complete privacy at any given time.
2. Can data owners fully control their own data protection and access policies?
Strong and comprehensive data access controls are vital when exposing sensitive data sets. But even more important is the ability to create personalized data access policies that work for your business and scenario. When the data owners are allowed to customize these policies, they’re able to greatly reduce the risk of data leaks or breaches in a way that aligns with their internal policies Personalized policies ensure data access is not over-provisioned so that only those who need access can get it. And crucially, it puts control of their data in their own hands by preserving their data sovereignty.
3. Who holds the keys to the data and policy enforcement?
While some PETs and confidential computing tools allow clients to create data access and control policies, the enforcement of those policies is oftentimes placed in the hands of a 3rd party. With corporations around the globe facing massive fines for security and privacy violations, it is vital that financial institutions have clear ownership of data policy enforcement. Having cryptographically enforced controls with full and direct control over policy ensures only you control how the data is accessed and used.
If proprietary data is being shared with a third party for collaborative processing, but the third party controls the keys as part of the arrangement, then the data owner has no way of avoiding potential privacy and policy risks created by the provider. Before sharing data sets with a third party, ensure that your firm holds the keys to data encryption and policy enforcement and clearly outlines who internally controls and implements that enforcement.
Having complete control over data custody, key management, data access policies and enforcement, allows financial services to utilize the power of PETs in its entirety to offset the potential of financial crime without the fear of exposing sensitive data, ultimately saving these firms up to $2 trillion.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
